7

CVSS4.0

CVE-2024-12740 - Dependency on Vulnerable Third-Party Component exposes Vulnerabilities in NI Vision Software

Vision-related software from NI used a third-party library for image processing that exposes several vulnerabilities. These vulnerabilities may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted file.

📅 Published: Jan. 27, 2025, 5:17 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

6.9

CVSS4.0

CVE-2025-24368 - Cacti has a SQL Injection vulnerability when using tree rules through Automation API

Cacti is an open source performance and fault management framework. Some of the data stored in automation_tree_rules.php is not thoroughly checked and is used to concatenate the SQL statement in the build_rule_item_filter() function from lib/api_automation.php, resulting in SQL injection. This vulnerab…

📅 Published: Jan. 27, 2025, 5:16 p.m. 🔄 Last Modified: Nov. 3, 2025, 10:18 p.m.

8.7

CVSS4.0

CVE-2025-24367 - Cacti allows Arbitrary File Creation leading to RCE

Cacti is an open source performance and fault management framework. An authenticated Cacti user can abuse graph creation and graph template functionality to create arbitrary PHP scripts in the web root of the application, leading to remote code execution on the server. This vulnerability is fixed i…

📅 Published: Jan. 27, 2025, 5:12 p.m. 🔄 Last Modified: Nov. 3, 2025, 10:18 p.m.

9.1

CVSS3.1

CVE-2025-22604 - Cacti has Authenticated RCE via multi-line SNMP responses

Cacti is an open source performance and fault management framework. Due to a flaw in the multi-line SNMP result parser, authenticated users can inject malformed OIDs in the response. When processed by ss_net_snmp_disk_io() or ss_net_snmp_disk_bytes(), a part of each OID will be used as a key in an arra…

📅 Published: Jan. 27, 2025, 5:06 p.m. 🔄 Last Modified: Nov. 3, 2025, 9:19 p.m.

6.3

CVSS3.1

CVE-2024-54145 - Cacti has a SQL Injection vulnerability when request automation devices

Cacti is an open source performance and fault management framework. Cacti has a SQL injection vulnerability in the get_discovery_results function of automation_devices.php using the network parameter. This vulnerability is fixed in 1.2.29.

📅 Published: Jan. 27, 2025, 5:04 p.m. 🔄 Last Modified: Nov. 3, 2025, 9:17 p.m.

7.6

CVSS3.1

CVE-2024-54146 - Cacti has a SQL Injection vulnerability when view host template

Cacti is an open source performance and fault management framework. Cacti has a SQL injection vulnerability in the template function of host_templates.php using the graph_template parameter. This vulnerability is fixed in 1.2.29.

📅 Published: Jan. 27, 2025, 5:04 p.m. 🔄 Last Modified: July 13, 2025, 11:22 a.m.

6.3

CVSS4.0

CVE-2025-0730 - TP-Link TL-SG108E HTTP GET Request usr_account_set.cgi get request method with sensitive query stri…

A vulnerability classified as problematic has been found in TP-Link TL-SG108E 1.0.0 Build 20201208 Rel. 40304. Affected is an unknown function of the file /usr_account_set.cgi of the component HTTP GET Request Handler. The manipulation of the argument username/password leads to use of get request m…

📅 Published: Jan. 27, 2025, 5 p.m. 🔄 Last Modified: July 16, 2025, 12:57 a.m.

6.9

CVSS4.0

CVE-2025-0729 - TP-Link TL-SG108E clickjacking

A vulnerability was found in TP-Link TL-SG108E 1.0.0 Build 20201208 Rel. 40304. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to clickjacking. The attack may be initiated remotely. Upgrading to version 1.0.0 Build 20250124 Rel. 54920(Beta) is a…

📅 Published: Jan. 27, 2025, 5 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

5.9

CVSS3.1

CVE-2024-27256 - IBM MQ Operator information disclosure

IBM MQ Container 3.0.0, 3.0.1, 3.1.0 through 3.1.3 CD, 2.0.0 LTS through 2.0.22 LTS and 2.4.0 through 2.4.8, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

📅 Published: Jan. 27, 2025, 4:27 p.m. 🔄 Last Modified: Aug. 18, 2025, 6:17 p.m.

6.4

CVSS3.1

CVE-2023-52292 - IBM Sterling File Gateway cross-site scripting

IBM Sterling File Gateway 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within …

📅 Published: Jan. 27, 2025, 4:06 p.m. 🔄 Last Modified: Nov. 6, 2025, 10:01 p.m.